diff options
| author | Alexander Bokovoy <ab@samba.org> | 2005-04-15 14:45:00 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:11:34 -0500 |
| commit | 9779e6d670d19a5dfdc034084b580653d5ca0670 (patch) | |
| tree | 41dd03bbb94b5c80bf8f3943c2a5b39ab101318b /source4/libcli/security/security_descriptor.c | |
| parent | 7fc2109b9e5e3e1c100da9d9feb865ce412d8b0f (diff) | |
| download | samba-9779e6d670d19a5dfdc034084b580653d5ca0670.tar.gz samba-9779e6d670d19a5dfdc034084b580653d5ca0670.tar.bz2 samba-9779e6d670d19a5dfdc034084b580653d5ca0670.zip | |
r6352: Two new composite calls:
- qfsinfo (query file system information)
- appendacl (append an ACL to existing file's security descriptor and get new
full ACL)
The second one also includes an improvement to security descriptor handling
which allows to copy security descriptor. Written by Peter Novodvorsky
<peter.novodvorsky@ru.ibm.com>
Both functions have corresponding torture tests added. Tested under valgrind and
work against Samba 4 and Windows XP.
ToDo: document composite call creation process in prog_guide.txt
(This used to be commit 441cff62ac75ed16851ce7b8daf9d03eb4c3ec79)
Diffstat (limited to 'source4/libcli/security/security_descriptor.c')
| -rw-r--r-- | source4/libcli/security/security_descriptor.c | 80 |
1 files changed, 77 insertions, 3 deletions
diff --git a/source4/libcli/security/security_descriptor.c b/source4/libcli/security/security_descriptor.c index 77d296235a..54c4bcb6cb 100644 --- a/source4/libcli/security/security_descriptor.c +++ b/source4/libcli/security/security_descriptor.c @@ -50,6 +50,46 @@ struct security_descriptor *security_descriptor_initialise(TALLOC_CTX *mem_ctx) return sd; } +static struct security_acl *security_acl_dup(TALLOC_CTX *mem_ctx, + const struct security_acl *oacl) +{ + struct security_acl *nacl; + int i; + + nacl = talloc (mem_ctx, struct security_acl); + if (nacl == NULL) { + return NULL; + } + + nacl->aces = talloc_memdup (nacl, oacl->aces, sizeof(struct security_ace) * oacl->num_aces); + if ((nacl->aces == NULL) && (oacl->num_aces > 0)) { + goto failed; + } + + /* remapping array in trustee dom_sid from old acl to new acl */ + + for (i = 0; i < oacl->num_aces; i++) { + nacl->aces[i].trustee.sub_auths = + talloc_memdup(nacl->aces, nacl->aces[i].trustee.sub_auths, + sizeof(uint32_t) * nacl->aces[i].trustee.num_auths); + + if ((nacl->aces[i].trustee.sub_auths == NULL) && (nacl->aces[i].trustee.num_auths > 0)) { + goto failed; + } + } + + nacl->revision = oacl->revision; + nacl->size = oacl->size; + nacl->num_aces = oacl->num_aces; + + return nacl; + + failed: + talloc_free (nacl); + return NULL; + +} + /* talloc and copy a security descriptor */ @@ -58,11 +98,45 @@ struct security_descriptor *security_descriptor_copy(TALLOC_CTX *mem_ctx, { struct security_descriptor *nsd; - /* FIXME */ - DEBUG(1, ("security_descriptor_copy(): sorry unimplemented yet\n")); - nsd = NULL; + nsd = talloc_zero(mem_ctx, struct security_descriptor); + if (!nsd) { + return NULL; + } + + if (osd->owner_sid) { + nsd->owner_sid = dom_sid_dup(nsd, osd->owner_sid); + if (nsd->owner_sid == NULL) { + goto failed; + } + } + + if (osd->group_sid) { + nsd->group_sid = dom_sid_dup(nsd, osd->group_sid); + if (nsd->group_sid == NULL) { + goto failed; + } + } + + if (osd->sacl) { + nsd->sacl = security_acl_dup(nsd, osd->sacl); + if (nsd->sacl == NULL) { + goto failed; + } + } + + if (osd->dacl) { + nsd->dacl = security_acl_dup(nsd, osd->dacl); + if (nsd->dacl == NULL) { + goto failed; + } + } return nsd; + + failed: + talloc_free(nsd); + + return NULL; } /* |